bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fwd: joe editor backup problem <-- same with emacs


From: og1
Subject: Fwd: joe editor backup problem <-- same with emacs
Date: Wed, 18 Sep 2002 21:01:56 +0200

Hello, attached is a recent post on the bugtraq mailing list,
note that the same 'bug' happens with emacs aswell.

Regards,
Y.G.
--- Begin Message --- Subject: joe editor backup problem Date: Tue, 17 Sep 2002 20:30:24 +0200 User-agent: Mutt/1.4i
Hi all,

there's a minor problem with the popular opensource editor 'joe'
(http://sourceforge.net/projects/joe-editor/). The way how joe handles
backup files may create unwanted suid files.

Example situation:

(1) unprivileged user creates some file and puts suid bit on it:

  trtko$ ls -l suid.file*
  -rwsr-sr-x    1 trtko    trtko          68 Sep 17 19:57 suid.file

(2) root goes and opens, edits and closes the file in 'joe'.

(3) now look:

  trtko$ ls -l suid.file*
  -rwsr-sr-x    1 trtko   trtko         68 Sep 17 19:57 suid.file
  -rwsr-sr-x    1 root    root          68 Sep 17 19:58 suid.file~

Oops, root owned suid file was unintentionally created.

This is a low risk since successful attack would require some sort of
social engineering in making the administrator edit attackers file.
Also some systems (Linux) won't let you have suid scripts, so you would
have to make the root edit some compiled executable, or you would have
to use some other tricks maybe...

Maybe it's even not exploitable at all. Either way, having such
unnecessary suid files generally isn't a good idea, I believe.

(Project maintainers were contacted and have fixed the issue in the CVS
version.)

Have a nice day
  Ondrej

--
Ondrej Suchy <ondrej-bugtraq@qlinux.cz>

--- End Message ---

reply via email to

[Prev in Thread] Current Thread [Next in Thread]